Changed app for proxy and https++

2026-01-22 16:32:02 +01:00
parent 7fc81a0f65
commit e4fed12143
3 changed files with 348 additions and 0 deletions
--- a/app.py
+++ b/app.py
@@ -1,5 +1,6 @@
 from flask import Flask, render_template, request, jsonify, redirect, url_for, session
 from functools import wraps
+from werkzeug.middleware.proxy_fix import ProxyFix
 import malias_wrapper as malias_w
 import os
 import argparse
@@ -8,9 +9,28 @@ import sys
 app = Flask(__name__)
 app.secret_key = os.urandom(24)  # Secret key for session management

+# Configure for reverse proxy (Authelia, Zoraxy, Nginx, etc.)
+# This fixes HTTPS detection and redirects when behind a proxy
+app.wsgi_app = ProxyFix(
+    app.wsgi_app,
+    x_for=1,        # Trust X-Forwarded-For with 1 proxy
+    x_proto=1,      # Trust X-Forwarded-Proto (http/https)
+    x_host=1,       # Trust X-Forwarded-Host
+    x_prefix=1      # Trust X-Forwarded-Prefix
+)
+
 # Initialize database on startup
 malias_w.init_database()

+# Session configuration for reverse proxy
+# Allow session cookies to work properly behind HTTPS proxy
+app.config.update(
+    SESSION_COOKIE_SECURE=False,      # Set to True if using HTTPS only
+    SESSION_COOKIE_HTTPONLY=True,     # Prevent JavaScript access to session cookie
+    SESSION_COOKIE_SAMESITE='Lax',    # CSRF protection
+    PREFERRED_URL_SCHEME='https'      # Generate HTTPS URLs when behind proxy
+)
+
 def login_required(f):
    """Decorator to require login for routes"""
    @wraps(f)